Short Bytes: WannaCry ransomware, which targetted tons of unpatched older versions of Windows, used the leaked EternalBlue and DoublePulsar exploits. Now, a team of white hat researchers has ported the EternalBlue exploit to Windows 10. This module is a smaller version that can be ported to unpatched Windows 10 and used to deliver payloads. In the research report, many technical details have been omitted to stop black hats from replicating it.Over the course of last few weeks, WannaCry has been making prominent headlines in the security world. Powered by NSA’s EternalBlue and DoublePulsar exploit, WannaCry wrecked havoc on unpatched Windows 7 and XP PCs. This exploit didn’t affect Windows 10.
But, in the latest development, the security experts at RiskSense have ported WannaCry’s EternalBlue exploit to Windows 10. They’ve created a Metasploit module based on the hack with many improvements. One should also note that installing MS17-010 patch fully protects Windows 10 users from this port.
The Windows 10 EternalBlue exploit has been refined for lower network traffic, along with the removal of the DoublePulsar backdoor. They also reduced the exploit’s code by up to 20%.
This proof-of-concept has been in works since the ShadowBrokers’ leak of hacking tools. The researchers have published a report to showcase what’s needed for the port. In the paper, the team has analyzed how using wrong-sized CPU registers leads to a miscalculation.
“This causes a chain reaction domino effect ultimately culminating in code execution, making ETERNALBLUE one of the most complex exploits ever written,” the report adds.
This port has been made to benefit the white hat security industry and increase the awareness of these exploits.
Please note that this Windows 10 EternalBlue port works only on Windows 10 versions before Redstone 1. As expected, the paper avoids mentioning the technical details that would help hackers create their own Windows 10 port. However, it does come with information to help the researchers and companies deal with EternalBlue.
Did you find this update on WannaCry and EternalBlue exploit helpful? Don’t forget to share your views.